VLC Media Player Vulnerabilities Allow Remote Code Execution

VideoLAN, the organization behind the widely used VLC Media Player, has disclosed multiple critical vulnerabilities that could allow attackers to execute arbitrary code remotely. These vulnerabilities impact both the desktop and iOS versions of the software, and users should act immediately to mitigate the risk.

SB-VLC3021: Desktop Version Vulnerabilities
The primary issue, identified as SB-VLC3021, involves a potential integer overflow that can be triggered by a maliciously crafted MMS stream, leading to a heap-based overflow. If successfully exploited, this flaw could allow attackers to crash VLC Media Player or execute arbitrary code with the target user's privileges.

Key Points:
Nature of Vulnerability: Potential integer overflow leading to a heap-based overflow.
Exploitation Method: Maliciously crafted MMS stream.
Potential Consequences: Application crash or arbitrary code execution.
Mitigation Measures: ASLR and DEP offer some protection but can be bypassed.

Workarounds:
Avoid Untrusted MMS Streams: Users should refrain from opening MMS streams from untrusted sources.
Disable VLC Browser Plugins: As a precaution, users can disable VLC browser plugins to prevent potential exploitation.

The VLC development team has addressed this issue in VLC Media Player version 3.0.21. Users are urged to update to this latest version to protect against the vulnerability.
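
The bug class described in this section, shown as an added example in C (it is not VLC's code and not part of the original advisory): a length field read from an untrusted stream is added to a fixed header size in 32-bit arithmetic, the sum wraps, and a buffer sized from it is too small for the data. `HDR_SIZE`, the function names and the packet layout are hypothetical and do not describe the MMS format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 8u /* hypothetical fixed header size, not taken from MMS */

/* Flawed pattern: the 32-bit sum wraps when payload_len is close to
 * UINT32_MAX, so a buffer sized from it is far smaller than payload_len. */
static uint32_t alloc_size_unchecked(uint32_t payload_len)
{
    return payload_len + HDR_SIZE;
}

/* Hardened pattern: reject a length that would wrap or that claims more
 * bytes than were received, then allocate and copy.
 * Returns a heap buffer the caller frees, or NULL if the packet is rejected. */
static uint8_t *packet_buffer_checked(uint32_t payload_len,
                                      const uint8_t *payload, size_t avail,
                                      size_t *out_size)
{
    if (payload_len > UINT32_MAX - HDR_SIZE) /* sum would wrap */
        return NULL;
    if (payload_len > avail)                 /* header overstates the data */
        return NULL;
    size_t total = (size_t)payload_len + HDR_SIZE;
    uint8_t *buf = calloc(1, total);
    if (buf == NULL)
        return NULL;
    memcpy(buf + HDR_SIZE, payload, payload_len);
    *out_size = total;
    return buf;
}

int main(void)
{
    const uint8_t data[4] = {1, 2, 3, 4}; /* constructed sample payload */
    uint32_t claimed = 0xFFFFFFFCu;       /* constructed hostile length field */
    size_t n = 0;

    printf("unchecked size for %u: %u\n", (unsigned)claimed,
           (unsigned)alloc_size_unchecked(claimed));
    uint8_t *bad = packet_buffer_checked(claimed, data, sizeof data, &n);
    printf("checked, hostile length: %s\n", bad ? "accepted" : "rejected");
    uint8_t *ok = packet_buffer_checked(4, data, sizeof data, &n);
    printf("checked, honest length: %s (%zu bytes)\n", ok ? "accepted" : "rejected", n);
    free(bad);
    free(ok);
    return 0;
}
```

The second check matters as much as the first: a length that does not wrap can still claim more bytes than the receiver holds.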

SB-VLC-iOS359: iOS Version Vulnerabilities
The vulnerability in the iOS version, identified as SB-VLC-iOS359, affects the WiFi file-sharing feature. This path traversal vulnerability could allow malicious actors on the local network to upload arbitrary data to hidden storage locations within the application context, potentially leading to a denial-of-service (DoS) condition.

Key Points:
Nature of Vulnerability: Path traversal in WiFi file-sharing feature.
Exploitation Method: Malicious upload on a local network.
Potential Consequences: DoS due to exceeded storage space.
Access Limitation: No read access by third parties; no write access outside the application container.

The vulnerability affects the iOS version of the application, but the tvOS port is not impacted. Exploitation requires the user to start WiFi File Sharing on a local network with malicious actors present.

VLC-iOS version 3.5.9 addresses this issue. Users are strongly encouraged to update to this version to protect their devices.

How to Update VLC Media Player

Desktop Version:
Open VLC Media Player.
Go to “Help” > “Check for Updates.”
Follow the prompts to download and install the latest version.

iOS Version:
Open the App Store on your iOS device.
Search for VLC Media Player.
Tap “Update” if an update is available.

While no exploits have been observed using these vulnerabilities for code execution so far, the potential risks remain significant. Users are advised to update their VLC Media Player versions promptly and take precautionary measures to ensure their systems and data remain secure.